azorult | b30f264fda73db6970c313776095289e5fc0ee77f6be19010e2f9e125205e845 | Triage

Submit
Reports

Overview

overview

Static

static

964ca687aa...ce.exe

windows7_x64

964ca687aa...ce.exe

windows10_x64

Sharing

General

Target

964ca687aae19eb199c4da55fa0667ce.exe
Size

951KB
Sample

201109-8sf6kdqyc2
MD5

964ca687aae19eb199c4da55fa0667ce
SHA1

b13e4a835e608d2a3e9c3ff718078a1131092375
SHA256

b30f264fda73db6970c313776095289e5fc0ee77f6be19010e2f9e125205e845
SHA512

2d5f3b51a350850b0e70e7bc1659788a9b7f8505cc02ab7a9688aa0a86e8480da35e79f26443c78cdedbc6cc9cba4d54b211e11434f611cb8d7405ca7434c32b

Score

10^/10

azorult oski raccoon 4320d8bbff1d6d308fddc660016aa8623ee9fec1 discovery infostealer spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

964ca687aae19eb199c4da55fa0667ce.exe

Resource

win7v20201028

azorult oski raccoon 4320d8bbff1d6d308fddc660016aa8623ee9fec1 discovery infostealer spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

964ca687aae19eb199c4da55fa0667ce.exe

Resource

win10v20201028

azorult oski raccoon 4320d8bbff1d6d308fddc660016aa8623ee9fec1 discovery infostealer spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Botnet

4320d8bbff1d6d308fddc660016aa8623ee9fec1

Attributes

url4cnc
https://telete.in/jrikitiki

rc4.plain

rc4.plain

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Extracted

Family

oski

C2

corinthiano.ug

Targets

- Target
  
  964ca687aae19eb199c4da55fa0667ce.exe
- Size
  
  951KB
- MD5
  
  964ca687aae19eb199c4da55fa0667ce
- SHA1
  
  b13e4a835e608d2a3e9c3ff718078a1131092375
- SHA256
  
  b30f264fda73db6970c313776095289e5fc0ee77f6be19010e2f9e125205e845
- SHA512
  
  2d5f3b51a350850b0e70e7bc1659788a9b7f8505cc02ab7a9688aa0a86e8480da35e79f26443c78cdedbc6cc9cba4d54b211e11434f611cb8d7405ca7434c32b
Score

10^/10

azorult oski raccoon 4320d8bbff1d6d308fddc660016aa8623ee9fec1 discovery infostealer spyware stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultoskiraccoon4320d8bbff1d6d308fddc660016aa8623ee9fec1discoveryinfostealerspywarestealertrojan

behavioral2

azorultoskiraccoon4320d8bbff1d6d308fddc660016aa8623ee9fec1discoveryinfostealerspywarestealertrojan

© 2018-2024

Terms | Privacy